Keeping your website secure

Overview

This article provides an overview of ways to secure your website content at DreamHost.

Configuring permissions and access

The following explains how to set permissions on your website's directories and files, add an SSL certificate, and decide what access to grant to a developer.

Configure file permissions

When setting up file permissions, DreamHost recommends that you set the permissions to the following:

  • Files – Set to 644 permissions using the command chmod 644 <filename>
  • Directories – Set to 755 permissions using the command chmod 755 <directory_name>
  • Executables – Set to 755 permissions using the command chmod 755 <executable_name>

Here is an example of how your file/folder permissions should look on the server after running ls -la.

[server]$ ls -la
drwxr-xr-x 2 exampleuser pg5034488  10 Apr 22 09:13 example_directory
-rw-r--r-- 1 exampleuser pg5034488   0 Apr 22 09:12 example_file.php
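
To check a whole site directory against these modes rather than one file at a time, the following script is an added example and not part of the original DreamHost article. The function names audit_perms and fix_perms, the script name, and the path in the usage comment are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a site directory against the modes recommended above
# (directories 755, files 644, executables 755).

# audit_perms DIR
# Prints one "dir  PATH" or "file PATH" line per entry whose mode differs from
# the recommendation. Returns 0 when the tree is clean, 1 when it is not.
audit_perms() {
    audit_root=$1
    audit_findings=$(
        # Directories must be exactly 755.
        find "$audit_root" -type d ! -perm 755 | sed 's/^/dir  /'
        # Regular files must be exactly 644, or 755 for executables.
        find "$audit_root" -type f ! -perm 644 ! -perm 755 | sed 's/^/file /'
    )
    [ -z "$audit_findings" ] && return 0
    printf '%s\n' "$audit_findings"
    return 1
}

# fix_perms DIR
# Resets the tree to the recommended modes. A file that already has the owner
# execute bit is treated as an executable and set to 755; every other file
# becomes 644. Review the audit output first: a file that is executable by
# mistake stays executable.
fix_perms() {
    fix_root=$1
    find "$fix_root" -type d -exec chmod 755 {} +
    find "$fix_root" -type f ! -perm -100 -exec chmod 644 {} +
    find "$fix_root" -type f -perm -100 -exec chmod 755 {} +
}

# Usage: sh audit_perms.sh /home/exampleuser/example.com   (hypothetical path)
if [ $# -gt 0 ]; then
    audit_perms "$1"
fi
```

Group-writable or world-writable entries such as 666 files and 777 directories are the findings that matter most, because they let other users on the server modify your content.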

Use an SSL certificate

An SSL certificate should be used on all websites to ensure data is transmitted securely. DreamHost offers both free and paid (professionally-signed) options.

Allowing developer access to your site

It may be necessary at some point to hire a developer to work on your website. There are a few different ways a developer may require access to your site in order to work on it. The access you grant a developer depends on exactly what tools they need to complete the job you hired them for.

See this article for information on how to grant your developer only the specific access they require.

Managing your website content

This section provides suggestions on securing access to your website and its data.

Assign a unique user to each domain

DreamHost recommends that you assign a unique web user to each of your individual websites. That way, if one of your sites becomes compromised, the compromise won't spread to your other sites. See the One user per domain policy article for more information on how each user only has access to the content under their own directory.

Connect using a secure client

When connecting to your server to manage your files, DreamHost recommends that you use either SSH or SFTP (using port #22).

An FTP connection (using port #21) is not secure and should never be used.

Keep software updated

Always ensure that the software your website uses is up to date.

Websites are often hacked via security holes found in old versions of web software, such as web forums, wikis, and blogs. It's your responsibility to keep the website application updated with the latest version.

Some applications do not provide an upgrade path from older versions. These applications need to be updated manually. Check with the application’s developers for further assistance on upgrading.

Database access

See this article for information on securing how your database is accessed. 

This is very important as your database holds all of your website's data and configuration details. Failure to protect it could expose private information such as usernames, email addresses, and more.
